[xml/sgml-pkgs] Bug#587271: Bug#587271: libxml2 zegfault reading any xml file on amd64

Marc Chantreux marc.chantreux at biblibre.com
Sun Jun 27 12:33:19 UTC 2010 

hello Mike and thanks for reply. 

On Sun, Jun 27, 2010 at 12:04:22PM +0200, Mike Hommey wrote:
> > - I tried to apt-get source and compile again: same pb. 
> > - using gdb and some code hacks, i saw the segfault appears at xmlIO.c:2412
> >   because cptr is out of bounds.
> > - collecting more infos is WIP.
> 
> The version of libxml2 you are using hasn't changed for almost a year,
> so I doubt it is really a libxml2 issue, thus downgrading severity.

I'm very confused: bug appears after an apache reboot so i really don't
know why the pb appears now.

the gz callback doesn't care about filename and always matches
so the file callback can't be reached.

I just recompiled with my own patch (see the end of message) and it works
(seems like a klugde but i really need my server to work). 

As libxml2 is an old package, the pb may be elsewhere (gzip lib?). I
seen there is no test of cptr after the line but i just don't figure out
how to do it for the moment. 

cptr = (char *) ((z_stream *)context)->next_in;

> Are you sure you don't have a custom libxml2 installation in
> /usr/local/lib or something similar ? (try to check the output for ldd
> /usr/bin/xmllint))

i try to avoid as far as possible to have homebrew libs on production
servers:

ldd =xmllint | perl -lne 'm#/usr\S+xml\S+# and print `dpkg -S $&`'
libxml2: /usr/lib/libxml2.so.2

again: thanks for help. 

---
 libxml2-2.6.32.dfsg/xmlIO.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/libxml2-2.6.32.dfsg/xmlIO.c b/libxml2-2.6.32.dfsg/xmlIO.c
index dd4f7e7..c14a68e 100644
--- a/libxml2-2.6.32.dfsg/xmlIO.c
+++ b/libxml2-2.6.32.dfsg/xmlIO.c
@@ -1087,7 +1087,10 @@ xmlBufferWrite (void * context, const char * buffer, int len) {
  */
 static int
 xmlGzfileMatch (const char *filename ATTRIBUTE_UNUSED) {
-    return(1);
+    return ! strncmp
+    ( filename + strlen( filename ) - 3
+    , ".gz" , 3
+    );
 }
 
 /**

-- 
Marc Chantreux
BibLibre, expert en logiciels libres pour l'info-doc
http://biblibre.com

More information about the debian-xml-sgml-pkgs mailing list